[Buildroot] [PATCH] package/libarchive: security bump to version 3.4.1
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Jan 6 22:29:34 UTC 2020
On Mon, 6 Jan 2020 20:56:37 +0100
Pierre-Jean Texier <pjtexier at koncepto.io> wrote:
> Fixes the following security vulnerabilities:
>
> - CVE-2019-19221: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c
> has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example,
> bsdtar crashes via a crafted archive.
>
> And adds various security fixes. For details, see :
>
> https://github.com/libarchive/libarchive/releases/tag/v3.4.1
>
> Also remove upstreamed patch.
>
> Signed-off-by: Pierre-Jean Texier <pjtexier at koncepto.io>
> ---
> v1 -> v2 :
> - update commit title "libarchive to package/libarchive"
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list